<?xml version="1.0"?>
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<!-- SecGen scenario definition: one metactf VM with eight GDB-based reversing challenges (see <system> below). -->
<!-- NOTE(review): xsi:schemaLocation expects "namespaceURI schemaURL" pairs; only the namespace is given here, so a validating parser has no schema to load. Confirm whether SecGen validates scenarios against a schema, and if so add the location. -->
<name>Dynamic analysis SRE (cont.)</name>
<author>Z. Cliffe Schreuders</author>
<description>
# Introduction
Building upon the skills acquired in the previous lab, this hands-on debugging session takes your expertise to the next level with a fresh set of challenges. These new exercises further enhance your dynamic analysis capabilities using the GNU Debugger (GDB). In the world of reverse engineering and cybersecurity, debugging is an indispensable skill, particularly when the source code remains elusive. This lab provides the ideal platform to fortify your skills by introducing unique challenges, each designed to push the boundaries of your GDB proficiency.
You'll set breakpoints, scrutinize register values, and decipher assembly instructions to uncover concealed passwords and flags. For example, in the "XorStr" challenge, you'll leverage GDB to identify an XOR mask and use it to decrypt a string, while "StaticInt" will have you focusing on EAX values and local variables to print the flag. By the conclusion of this lab, you will have cemented your debugging abilities and effectively surmounted eight new challenges, solidifying your expertise in dynamic analysis for situations where source code accessibility is restricted.
In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the program expects. Once you have found the password, run the program and enter the password to receive the flag.
</description>
<!-- Scenario metadata: lab sheet link, scenario types (a CTF lab that also ships a lab sheet), difficulty, and CyBOK tagging. -->
<lab_sheet_url>https://docs.google.com/document/d/11A7tZppId1pxbcclZDPr6e-zwWPKqPnJMgyAtcARR2s/edit?usp=sharing</lab_sheet_url>
<type>ctf-lab</type>
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>
<!-- CyBOK knowledge area MAT (Malware and Attack Technologies), topic Malware Analysis, with the keywords this lab covers. -->
<CyBOK KA="MAT" topic="Malware Analysis">
<keyword>analysis techniques</keyword>
<keyword>analysis environments</keyword>
<keyword>DYNAMIC ANALYSIS</keyword>
</CyBOK>
<!-- Pre-recorded lecture that introduces the material; tagged with the same CyBOK KA/topic/keywords as the scenario itself. -->
<video>
<title>Dynamic Analysis and Debugging</title>
<by>Thalita Vergilio</by>
<url>https://youtu.be/pExTbDVt0Gw</url>
<type>lecture-prerecorded</type>
<CyBOK KA="MAT" topic="Malware Analysis">
<keyword>analysis techniques</keyword>
<keyword>analysis environments</keyword>
<keyword>DYNAMIC ANALYSIS</keyword>
</CyBOK>
</video>
<!-- The single VM for this scenario. Utility modules are selected by regex on their module path. -->
<system>
<system_name>metactf</system_name>
<base distro="Debian 12" type="desktop" name="KDE"/>
<utility module_path=".*/reversing_tools"/>
<utility module_path=".*/ghidra"/>
<!-- Student account. The generated account record is stored in the "account" datastore so later modules (kde_minimal, metactf) can reference the same user. -->
<utility module_path=".*/parameterised_accounts">
<input into="accounts" into_datastore="account">
<generator type="account">
<!-- Username: a random word drawn from the mythical_creatures wordlist. -->
<input into="username">
<generator type="random_sanitised_word">
<input into="wordlist">
<value>mythical_creatures</value>
</input>
</generator>
</input>
<!-- NOTE(review): the student password is a hard-coded literal, so it is identical on every VM built from this scenario. The account is not a super_user (below), and the root password is generated per build at the end of this file; keep that split in mind if this VM is ever reachable beyond an isolated lab network. -->
<input into="password">
<value>tiaspbiqe2r</value>
</input>
<input into="super_user">
<value>false</value>
</input>
</generator>
</input>
</utility>
<!-- Desktop setup: auto-login as the generated student (access_json appears to select the username field of the account record; TODO confirm against the module), and open a Konsole on start. -->
<utility module_path=".*/kde_minimal">
<input into="autologin_user">
<datastore access="0" access_json="['username']">account</datastore>
</input>
<input into="accounts">
<datastore>account</datastore>
</input>
<input into="autostart_konsole">
<value>true</value>
</input>
</utility>
<utility module_path=".*/handy_cli_tools"/>
<utility module_path=".*/hash_tools"/>
<!-- The eight challenge binaries, each identified by its path within the metactf challenge sources, deployed into the student account. -->
<utility module_path=".*/metactf">
<input into="challenge_list">
<generator type="metactf_challenge">
<input into="challenge_path">
<value>src_csp/Ch3.1-3.5/Ch3_05_XorLong</value>
</input>
</generator>
<generator type="metactf_challenge">
<input into="challenge_path">
<value>src_csp/Ch3.1-3.5/Ch3_05_XorStr</value>
</input>
</generator>
<generator type="metactf_challenge">
<input into="challenge_path">
<value>src_csp/Ch3.6-3.7/Ch3_07_SegvBacktrace</value>
</input>
</generator>
<generator type="metactf_challenge">
<input into="challenge_path">
<value>src_csp/Ch3.7-3.9/Ch3_08_2DArrays</value>
</input>
</generator>
<generator type="metactf_challenge">
<input into="challenge_path">
<value>src_malware/Ch01-08/Ch08Dbg_InputFormat</value>
</input>
</generator>
<generator type="metactf_challenge">
<input into="challenge_path">
<value>src_malware/Ch01-08/Ch08Dbg_StaticInt</value>
</input>
</generator>
<generator type="metactf_challenge">
<input into="challenge_path">
<value>src_malware/Ch01-08/Ch08Dbg_StaticRE</value>
</input>
</generator>
<generator type="metactf_challenge">
<input into="challenge_path">
<value>src_malware/Ch01-08/Ch08Dbg_StaticStrcmp</value>
</input>
</generator>
</input>
<input into="account">
<datastore>account</datastore>
</input>
</utility>
<!-- Private network with a DHCP-assigned address. -->
<network type="private_network" range="dhcp"/>
<!-- Root password: generated per build by strong_password_generator and kept in the spoiler_admin_pass datastore, unlike the fixed student password above. -->
<input into_datastore="spoiler_admin_pass">
<generator type="strong_password_generator"/>
</input>
<!-- Final cleanup step applies the generated root password. -->
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
</scenario>